Keeping your data secure
Liquibase maintains administrative, technical, and physical security measures designed to protect your personal information against unauthorized access, disclosure, alteration, loss, and misuse.
No online transmission, including email, is ever guaranteed to be fully secure or error-free. Liquibase recommends not sending or disclosing any sensitive personal information to us directly or through our products.
Examples include protected health information, passwords, and authentication/authorization credentials for other services.
Enhancing your database security
Liquibase lets you validate all database changes and use automation to control database access:
- If you store credentials for your application CD solution in a central, secure location such as HashiCorp Vault, automation can gather credentials from the tool and pass them to Liquibase without direct human access. Using this best practice with Liquibase decreases the surface area for database attacks.
- If you have a large number of users who make manual schema changes to the database, Liquibase eliminates the need for them to have direct database access.
Storing your credentials
Liquibase recommends storing user credentials in a secure credential repository, entering them in the CLI at runtime, or using Liquibase Environment Variables.
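The following is an added example, not Liquibase's own tooling. It shows a CI wrapper for the flow described above: it reads credentials from HashiCorp Vault at runtime, passes them to Liquibase through the LIQUIBASE_COMMAND_USERNAME and LIQUIBASE_COMMAND_PASSWORD environment variables, and refuses to run if the properties file holds literal credentials. The Vault path, its field names and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not Liquibase's own tooling.
# Assumptions (hypothetical): Vault KV path secret/ci/appdb with fields
# "username" and "password"; file names are supplied by the caller.
VAULT_PATH=${VAULT_PATH:-secret/ci/appdb}

# Print (with line numbers) every line of a Liquibase properties file that
# assigns a literal username or password. Exit status 0 means at least one hit.
plaintext_credentials() {
    grep -nEi \
      '^[[:space:]]*(liquibase\.command\.)?(username|password)[[:space:]]*[=:][[:space:]]*[^[:space:]]' \
      "$1"
}

# Fetch credentials from Vault at runtime and hand them to Liquibase through
# its environment variables, so they never touch disk or the argument list.
deploy() {
    props=$1
    changelog=$2
    [ -r "$props" ] || { echo "cannot read $props" >&2; return 1; }
    if plaintext_credentials "$props" >&2; then
        echo "refusing to run: credentials stored in $props" >&2
        return 2
    fi
    db_user=$(vault kv get -field=username "$VAULT_PATH") || return 1
    db_pass=$(vault kv get -field=password "$VAULT_PATH") || return 1
    # Variables set on the command line are exported to this one process only.
    LIQUIBASE_COMMAND_USERNAME=$db_user LIQUIBASE_COMMAND_PASSWORD=$db_pass \
        liquibase --defaults-file="$props" update --changelog-file="$changelog"
}

# Usage: ./deploy-db.sh run liquibase.properties db/changelog.xml
if [ "${1:-}" = "run" ]; then
    deploy "$2" "$3"
fi
```

The same plaintext_credentials check can run as a pre-commit or pipeline step on any properties file kept in source control.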
Using Liquibase and source control
Source control systems help you manage and track the history of your resources, including changelogs and changesets. With source control, you can see when a file was changed, compare the changes that were made, and know who made them. Liquibase works with any source control system.
Liquibase versions your database changes, so storing these changes in a source control management system is a best practice. Liquibase recommends you follow these best practices:
- Keep changelogs in the same repository as application code to ensure everything is kept in sync.
- Keep changesets in separate files to save time on searches and updates and to avoid potential merge conflicts.
- Keep changelogs organized so you can identify your files by release, database object type, or other information you prefer.
- Use branch and file naming standards to maintain logical patterns so you can see the exact changes in your branches and files.